According to  1 , page 9, pure risk is “a situation where there are only two possible outcomes: loss or no loss”. Buying lottery tickets and selling a house are examples of speculative risk, where there is a possibility of gain or loss. Going horse riding without a helmet is an example of pure risk, where there is only a possibility of loss (injury) or no loss.

Risk management processes, outcomes, and activities should be traceable 5 . This means that there should be a clear record of how risks were identified, analyzed, evaluated, treated, monitored, reviewed, and communicated.

Risk management is a process with inputs, activities, and outcomes 1 . The inputs are the organization’s context and risk criteria. The activities are risk identification, analysis, evaluation, and treatment. The outcomes are improved decision making, performance, and resilience.

  Enhanced risk management ensures that uncertainty is managed so the organization can meet its objectives 4 . Enhanced risk management involves applying a systematic and logical process to identify, analyze, evaluate, treat, monitor, review, and communicate risks.

Risk management ensures that value is created by identifying opportunities for investment, mergers, or acquisition. Risk management helps to assess the potential benefits, costs, and risks of different options and make informed decisions.

Residual risk is the type of risk that remains after risk treatment has been applied 1 . Residual risk reflects the remaining exposure or uncertainty after taking into account existing controls.

The accuracy and reliability of the risk assessment should be identified as clearly as possible 1 . This helps to communicate the level of confidence in the risk assessment results and to inform decision-making.

Transparency and inclusiveness are key ISO 31000:2018 attributes. Transparency means that risk management activities are visible, understandable, and verifiable by relevant stakeholders. Inclusiveness means that appropriate stakeholders are involved in risk management decisions and actions.

According to , page 3, some of the drivers for change in risk management landscape include technology (such as digitalization, automation, artificial intelligence), globalization (such as increased interdependence, complexity and diversity), finance (such as financial crises, regulations, standards) but not global warming.

A pure risk only leads to the possibility of a loss, whereas a speculative risk may lead to a gain 1 2 . For example, entering into a contract to purchase a new factory is a speculative risk, as it could result in either profit or loss depending on market conditions.